/// <summary>
/// 构造下Idr4登陆界面显示视图模型
/// </summary>
/// <param name="ReturnUrl"></param>
/// <returns></returns>
private async Task <Idr4LoginViewModel> CreateIdr4LoginViewModelAsync(string ReturnUrl)
{
Idr4LoginViewModel vm = new Idr4LoginViewModel();
var context = await _identityServerInteractionService.GetAuthorizationContextAsync(ReturnUrl);
if (context != null)
{
if (context?.IdP != null)
{
// 扩展外部扩展登录模型处理
vm.EnableLocalLogin = false;
vm.ReturnUrl = ReturnUrl;
vm.username = context?.LoginHint;
vm.ExternalProviders = new ExternalProvider[] { new ExternalProvider {
AuthenticationScheme = context.IdP
} };
}
}
//外部登陆 获取所有授权信息 并查找当前可用的授权信息
var schemes = await _schemeProvider.GetAllSchemesAsync();
var providers = schemes
.Where(x => x.DisplayName != null)
.Select(x => new ExternalProvider
{
DisplayName = x.DisplayName,
AuthenticationScheme = x.Name
}).ToList();
var allowLocal = true;
if (context?.ClientId != null)
{
var client = await _clientStore.FindEnabledClientByIdAsync(context.ClientId);
if (client != null)
{
allowLocal = client.EnableLocalLogin;
vm.ClientName = client.ClientName;
vm.ClientUrl = client.ClientUri;
vm.ClientLogoUrl = client.LogoUri;
if (client.IdentityProviderRestrictions != null && client.IdentityProviderRestrictions.Any())
{
providers = providers.Where(provider => client.IdentityProviderRestrictions.Contains(provider.AuthenticationScheme)).ToList();
}
}
}
vm.AllowRememberLogin = AccountOptions.AllowRememberLogin;
vm.EnableLocalLogin = allowLocal && AccountOptions.AllowLocalLogin;
vm.ReturnUrl = ReturnUrl;
vm.username = context?.LoginHint;
vm.ExternalProviders = providers.ToArray();
return(vm);
}
public async Task <IActionResult> Login(Idr4LoginViewModel model)
{
#region Idr4验证处理 这里主要对ReturnUrl处理
var context = await _identityServerInteractionService.GetAuthorizationContextAsync(model.ReturnUrl);
if (context == null)
{
//不存在客户端信息
Redirect("~/");
}
#endregion
#region 基础验证
if (string.IsNullOrEmpty(model.username))
{
ModelState.AddModelError("", "请输入用户名");
}
if (string.IsNullOrEmpty(model.password))
{
ModelState.AddModelError("", "请输入密码");
}
#endregion
if (ModelState.IsValid)
{
var user = await _testUserStore.FindByName(model.username);
if (user == null)
{
ModelState.AddModelError("", "用户不存在");
}
else if (await _testUserStore.ValidatorUser(user, model.password))
{
//查询用户信息
await _events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id, user.UserName));
//记住登录
AuthenticationProperties authenticationProperties = null;
if (AccountOptions.AllowRememberLogin && model.RememberLogin)
{
authenticationProperties = new AuthenticationProperties
{
IsPersistent = true,
ExpiresUtc = DateTimeOffset.UtcNow.Add(AccountOptions.RememberMeLoginDuration)
};
}
//SignIn
var userClaims = await _testUserStore.GetAllClaimsByUser(user);
await HttpContext.SignInAsync(user.Id, user.UserName, authenticationProperties, userClaims.ToArray());
if (_identityServerInteractionService.IsValidReturnUrl(model.ReturnUrl) || Url.IsLocalUrl(model.ReturnUrl))
{
return(Redirect(model.ReturnUrl));
}
return(Redirect("~/"));
}
else
{
await _events.RaiseAsync(new UserLoginFailureEvent(model.username, "登录失败"));
ModelState.AddModelError("", AccountOptions.InvalidCredentialsErrorMessage);
}
}
//防止验证失败后返回视图后 界面模型参数不存在 所以这里需要构建一次模型
var vm = await CreateIdr4LoginViewModelAsync(model.ReturnUrl);
return(View("Login", vm));
}
